blob: 5c1e49bc3cb39236f5e0afd3f9b23c136d4c0388 [file] [log] [blame]
# Test of verbose mode.
# No vulnerabilities, no output.
$ govulncheck -dir ${moddir}/novuln -v .
govulncheck is an experimental tool. Share feedback at https://go.dev/s/govulncheck-feedback.
Scanning for dependencies with known vulnerabilities...
No vulnerabilities found.
$ govulncheck -dir ${moddir}/vuln -v . --> FAIL 3
govulncheck is an experimental tool. Share feedback at https://go.dev/s/govulncheck-feedback.
Scanning for dependencies with known vulnerabilities...
Found 1 known vulnerability.
Vulnerability #1: GO-2021-0113
Due to improper index calculation, an incorrectly formatted
language tag can cause Parse to panic via an out of bounds read.
If Parse is used to process untrusted user inputs, this may be
used as a vector for a denial of service attack.
Call stacks in your code:
#1: for function Parse
golang.org/vuln.main
.../vuln.go:12:16
golang.org/x/text/language.Parse
Found in: golang.org/x/text/language@v0.3.0
Fixed in: golang.org/x/text/language@v0.3.7
More info: https://pkg.go.dev/vuln/GO-2021-0113
=== Informational ===
The vulnerabilities below are in packages that you import, but your code
doesn't appear to call any vulnerable functions. You may not need to take any
action. See https://pkg.go.dev/golang.org/x/vuln/cmd/govulncheck
for details.
Vulnerability #1: GO-2022-0592
A maliciously crafted path can cause Get and other query functions to consume excessive amounts of CPU and time.
Found in: github.com/tidwall/gjson@v1.9.2
Fixed in: github.com/tidwall/gjson@v1.9.3
More info: https://pkg.go.dev/vuln/GO-2022-0592
Vulnerability #2: GO-2021-0265
GJSON allowed a ReDoS (regular expression denial of service) attack.
Found in: github.com/tidwall/gjson@v1.9.2
Fixed in: github.com/tidwall/gjson@v1.9.3
Platforms: linux/amd64, windows/amd64
More info: https://pkg.go.dev/vuln/GO-2021-0265